Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
Sun Microsystems, Inc. holds the intellectual property rights relating to the technology embodied in the product that is described in this
document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at
http://www.sun.com/patents and one or more additional patents or pending patent applications in the United States and in other
countries.
This distribution may include components developed by third parties.
Parts of this product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered
trademark in the United States and in other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, Java, Solaris, Sun Blade, Sun Fire and docs.sun.com are trademarks or registered trademarks
of Sun Microsystems, Inc., or its subsidiaries, in the United States and in other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc.
in the United States and in other countries. Products bearing SPARC trademarks are based on an architecture developed by Sun
Microsystems, Inc.
The products covered by this service manual and the information it contains are governed by U.S. export control
legislation and may be subject to the export and import laws of other countries. End uses,
or end users, for nuclear weapons, missiles, biological and chemical weapons or nuclear maritime purposes,
whether direct or indirect, are strictly prohibited. Exports or reexports to countries under U.S. embargo, or
to entities appearing on U.S. export exclusion lists, including, but not limited to, the list of persons who
are subject to an order not to take part, directly or indirectly, in exports of products or services governed by
U.S. export control legislation, and the list of specially designated nationals, are strictly
prohibited.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL OTHER EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES
ARE FORMALLY EXCLUDED, TO THE EXTENT PERMITTED BY APPLICABLE LAW, INCLUDING IN PARTICULAR
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT.
Contents
Preface
▼ Configure ILOM for LDAP/SSL
▼ Edit LDAP/SSL Tables
▼ Configure ILOM for RADIUS
▼ Log In to ILOM as a User
Before You Begin
▼ Log Out of ILOM
Initial ILOM Setup Procedures Using the CLI
▼ Log In to ILOM 3.0 Using root User Account
▼ Add User Account and Assign Privileges
▼ Configure ILOM for Active Directory
▼ Configure LDAP Server
▼ Configure ILOM for LDAP
▼ Configure ILOM for LDAP/SSL
▼ Configure ILOM for RADIUS
▼ Log In to ILOM as a User
▼ Log Out of ILOM
Identify ILOM Version Information
▼ Identify ILOM Version Using Web Interface
▼ Identify ILOM Version Using CLI
Update ILOM Firmware to Latest Version
Before You Begin
▼ Update ILOM Firmware Using Web Interface
▼ Update ILOM Firmware Using CLI
What Next?
Sun Integrated Lights Out Manager (ILOM) 3.0 Getting Started Guide describes how to
perform the required procedures to access ILOM for the first time on your system.
These procedures include ILOM network connection, login, user account creation,
directory service configuration, and firmware upgrade.
This Getting Started Guide is written for system administrators who are familiar
with networking concepts and basic system management protocols.
Related Documentation
To fully understand the information that is presented in this guide, use this
document in conjunction with the documents listed in the following table. These
documents are available online at:
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
These documents are also available with your platform documentation set at:
http://docs.sun.com/app/docs/prod/servers
First read the ILOM 3.0 Concepts Guide to learn about ILOM’s features and
functionality. To set up a new system supported by ILOM, refer to this ILOM 3.0
Getting Started Guide, where you will find the procedures for connecting to the
network, logging in to ILOM for the first time, and configuring a user account or
directory service. Then, decide which ILOM interface you want to use to perform
other ILOM tasks. You can now refer to the appropriate ILOM 3.0 Procedures
Guide for your selected interface.
TABLE P-1 ILOM 3.0 Documentation Collection
Documentation http://docs.sun.com/
Support http://www.sun.com/support/
Training http://www.sun.com/training/
TABLE P-2 describes the common product identity information used by ILOM.
Please include the title and part number of your document with your feedback:
Sun Integrated Lights Out Manager (ILOM) 3.0 Getting Started Guide,
part number 820-5523-10.
x Sun ILOM 3.0 Getting Started Guide • December 2008
Getting Started With ILOM
About This Guide
Sun Integrated Lights Out Manager (ILOM) 3.0 Getting Started Guide provides easy-to-
use setup and configuration procedures that will enable you to start using ILOM
even before your host system is powered on.
With ILOM, you can remotely monitor and manage your Sun system without
consuming operating system resources. ILOM provides fully featured interfaces,
including a browser-based web interface, a command-line interface, an SNMP
interface, and an IPMI interface. These interfaces are based on industry standards
and are intuitive to use.
The getting started procedures describe how to connect to ILOM and configure the
required initial settings. The procedures to verify and update the ILOM firmware
version are also provided. You can find more in-depth descriptions of ILOM’s
features and functions in the other documents that comprise the ILOM 3.0
Documentation Collection. For a list of those documents, see TABLE P-1 in the
Preface.
The root user account is persistent and is available on all interfaces (web interface,
CLI, SSH, serial console, and IPMI) unless you choose to delete the root account.
The root account provides built-in administrative privileges (read and write) for all
ILOM features, functions, and commands.
To prevent unauthorized access to your system, you should change the root
password (changeme) on each service processor (SP) or chassis monitoring module
(CMM) installed in your system. Alternatively, you can delete the root account to
secure access to your system. However, before you delete the root account, you
must set up a new user account or configure a directory service so that you will be
able to log in to ILOM.
If you delete the root account before you have configured a new user account or
directory service to log in to ILOM, you can use another preconfigured account, the
default user account, as an alternative way to log in and re-create the root
account. For information about the default user account, see the Sun Integrated
Lights Out Manager (ILOM) 3.0 Concepts Guide.
The getting started procedures in this guide are divided into two parts. The first part
explains how to perform the initial setup and configuration tasks using the web
interface. The second part explains how to perform the same tasks, but using the
CLI. Before you begin the setup and configuration, choose one of the interfaces and
follow the respective procedures.
Configure the network settings
The way you configure network settings depends on your server platform:
• Use DHCP – for all platforms
• Use serial login – for all platforms
• Use BIOS – for x64-based servers or server modules
• Use IPMItool running host OS – for x64-based servers or server modules
• Use chassis monitoring module (CMM) – for server module (blade) systems only
Links:
• “Configure SP Network Settings Using DHCP” on page 6
• “Configure Static Network Settings Using Serial Connection” on page 8
Log In to ILOM for the First Time
Log in to ILOM using the root user account
ILOM boots automatically when power is applied to your Sun system. ILOM is preconfigured with the root user account and
its password. You can use this special account for initial login and account setup.
To log in using the root account:
• User name: root
• Password: changeme
Links:
• “Log In to ILOM 3.0 Using root User Account” on page 11 (web)
• “Log In to ILOM 3.0 Using root User Account” on page 30 (CLI)
Log out of ILOM
You can log out of your ILOM session while preserving your configuration settings.
Links:
• “Log Out of ILOM” on page 29 (web)
• “Log Out of ILOM” on page 42 (CLI)
Identify ILOM Version and Upgrade Firmware
Identify ILOM version
You can quickly identify which version of ILOM is running on the service processor or chassis monitoring module.
Links:
• “Identify ILOM Version Using Web Interface” on page 43
• “Identify ILOM Version Using CLI” on page 43
Update ILOM firmware
You can easily update your ILOM firmware to the latest version.
Links:
• “Update ILOM Firmware Using Web Interface” on page 45
• “Update ILOM Firmware Using CLI” on page 46
Connecting to ILOM
You can log in to ILOM over the serial port without a network connection, or you
can log in to ILOM over the network. To log in using a direct serial connection,
attach a serial cable to the workstation, terminal, or terminal emulator and to the
SER MGT port on the server or, if you are using a modular chassis system, on the
chassis monitoring module (CMM). To log in using a network connection, attach an
Ethernet cable to the NET MGT port on the server or on the CMM. Then, configure
the SP network interface using static or dynamic settings.
Note – When you use the ipmitool command on a Microsoft Windows system,
you need to add the .exe extension to the ipmitool command. For example,
ipmitool.exe -I ms lan print 1
Follow these steps for x64 servers and server modules (blades) in a modular chassis
system:
1. Enter the BIOS Setup utility by pressing the F2 key while the system is
powering on and performing the power-on self-test (POST).
2. When the BIOS Main menu screen is displayed, select Advanced --> IPMI 2.0
Configuration --> LAN Configuration.
4. Log in to the ILOM CLI using the root user account and password.
<hostname> login: root
Password: changeme
The ILOM CLI prompt appears (->).
-> cd /SP/network
■ For a CMM:
-> cd /CMM/network
http://ipmitool.sourceforge.net/manpage.html
1. Determine the appropriate static network settings that you want to use.
2. To assign static IP network settings, while running IPMItool on the host, type
the following commands:
Note – When you use the ipmitool command on a Microsoft Windows system,
you need to add the .exe extension to the ipmitool command. For example,
ipmitool.exe -I ms lan set 1 ipsrc static
1 Log in to ILOM for the first time using the web interface
• “Log In to ILOM 3.0 Using root User Account” on page 11
2 Add a local user account, or configure a directory service
• “Add User Account and Assign Privileges” on page 12
• “Configure ILOM for Active Directory” on page 14
• “Configure LDAP Server” on page 20
• “Configure ILOM for LDAP” on page 21
• “Edit LDAP/SSL Tables” on page 26
• “Configure ILOM for RADIUS” on page 27
3 Confirm your authentication configuration
• “Log In to ILOM as a User” on page 28
4 Log out of ILOM
• “Log Out of ILOM” on page 29
Follow these steps to log in to the ILOM web interface for the first time using the
root user account:
2. Type the user name and password for the root user account:
User Name: root
Password: changeme
Follow these steps to add a local user account and assign privileges (roles):
b. Choose a profile. Options include Advanced Role for all new ILOM 3.0
installations.
a – Admin: A user who is assigned the Admin (a) role is authorized to view and
change the state of ILOM configuration variables. With the exception of
tasks reserved for users who have the User Management, Console, and Reset and
Host Control roles, users assigned the Admin role are authorized to
perform all other ILOM functions.
u – User Management: A user who is assigned the User Management (u) role is authorized to
create and delete user accounts, change user passwords, change roles
assigned to other users, and enable/disable the physical-access
requirement for the default user account. This role also includes
authorization to set up LDAP, LDAP/SSL, RADIUS, and Active
Directory.
c – Console: A user who is assigned the Console (c) role is authorized to access the
ILOM Remote Console and the SP console and to view and change the
state of the ILOM console configuration variables.
r – Reset and Host Control: A user who is assigned the Reset and Host Control (r) role is authorized
to operate the system, which includes power control, reset, hot-plug,
enabling and disabling components, and fault management. This role
maps very closely to the ILOM 2.0 user with Operator privileges.
o – Read Only: A user who is assigned the Read Only (o) role is authorized to view the
state of the ILOM configuration variables but cannot make any changes.
Users assigned this role can also change the password and the Session
Time-Out setting for their own user account.
s – Service: A user who is assigned the Service (s) role can assist Sun service
engineers in the event that on-site service is required.
e. Retype the password in the Confirm New Password field to confirm the
password.
f. When you are done entering the new user’s information, click Save.
The User Account Settings page is redisplayed. The new user account and
associated information is listed on the User Account Settings page.
The following table describes the required parameters for each transfer method:
8. At the bottom of the Active Directory page, click the radio button next to the
configuration option you want to configure:
■ Admin Groups
■ Operator Groups
■ Custom Groups
■ User Domains
■ Alternate Servers
■ DNS Locator Queries
ID Name
1 CN=SpSuperAdmin,OU=Groups,DC=sales,DC=east,DC=sun,DC=com
2
ID Name
1 CN=SpSuperOper,OU=Groups,DC=sales,DC=east,DC=sun,DC=com
2
ID Name Roles
ID Domain
1 <USERNAME>@sales.east.sun.com
2 CN=<USERNAME>,OU=Users,DC=sales,DC=east,DC=sun,DC=com
Name Domain
1 _ldap._tcp.gc._msdcs.<DOMAIN>.<PORT:3269>
2 _ldap._tcp.dc._msdcs.<DOMAIN>.<PORT:636>
1. Ensure that all users authenticating to ILOM have passwords stored in "crypt"
format or the GNU extension to crypt, commonly referred to as "MD5 crypt."
For example:
userPassword: {CRYPT}ajCa2He4PJhNo
or
userPassword: {CRYPT}$1$pzKng1$du1Bf0NWBjh9t3FbUgf46.
ILOM only supports LDAP authentication for passwords stored in these two
variations of the crypt format.
3. Configure the LDAP server to enable LDAP server access to ILOM user
accounts.
Either enable your LDAP server to accept anonymous binds, or create a proxy
user on your LDAP server that has read-only access to all user accounts that will
authenticate through ILOM.
See “Configure ILOM for LDAP” on page 21.
4. To verify that LDAP authentication works, log in to the ILOM using an LDAP
user name and password.
Note – ILOM searches local users before LDAP users. If an LDAP user name exists
as a local user, ILOM uses the local account for authentication.
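An added example, not part of Sun's guide: a Python check that reads an LDIF export of the directory and reports which accounts have userPassword values in the two crypt variants named in step 1. The DNs, the {SSHA} placeholder and the function names are assumptions made for this illustration; the two {CRYPT} values are the ones quoted in step 1.

```python
import base64
import re

# Traditional crypt: 2-character salt + 11-character hash = 13 characters.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# "MD5 crypt": $1$ + salt (up to 8 characters) + $ + 22-character hash.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")


def classify(value):
    """Classify one userPassword value as des-crypt, md5-crypt, or unsupported."""
    match = SCHEME.match(value)
    if not match:
        return "unsupported: no {CRYPT} scheme prefix"
    scheme, body = match.group(1).upper(), match.group(2)
    if scheme != "CRYPT":
        return "unsupported: scheme {%s}" % scheme
    if DES_CRYPT.match(body):
        return "des-crypt"
    if MD5_CRYPT.match(body):
        return "md5-crypt"
    return "unsupported: unrecognised crypt variant"


def audit_ldif(ldif_text):
    """Return {dn: [classification, ...]} for every entry in an LDIF export."""
    report, dn = {}, None
    # LDIF folds long lines: a newline followed by one space continues the line.
    for line in re.sub(r"\r?\n ", "", ldif_text).splitlines():
        if not line.strip():          # blank line ends the current entry
            dn = None
            continue
        if line.startswith("#"):      # LDIF comment
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):      # "attr:: value" marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
            report[dn] = []
        elif attr.lower() == "userpassword" and dn is not None:
            report[dn].append(classify(value))
    return report


def ilom_incompatible(report):
    """DNs that have no password stored in either crypt variant."""
    accepted = {"des-crypt", "md5-crypt"}
    return sorted(dn for dn, kinds in report.items() if not accepted.intersection(kinds))


# Constructed sample export. The two {CRYPT} values are the examples quoted in
# step 1; the DNs and the {SSHA} placeholder are made up for this illustration.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
userPassword: {CRYPT}ajCa2He4PJhNo

dn: uid=bob,ou=people,dc=example,dc=com
userPassword:: %s

dn: uid=carol,ou=people,dc=example,dc=com
userPassword: {SSHA}constructed-placeholder-not-a-real-hash

dn: uid=dave,ou=people,dc=example,dc=com
cn: Dave
""" % base64.b64encode(b"{CRYPT}$1$pzKng1$du1Bf0NWBjh9t3FbUgf46.").decode()

if __name__ == "__main__":
    for dn, kinds in audit_ldif(SAMPLE_LDIF).items():
        print(dn, kinds or ["no userPassword"])
```

Traditional crypt uses only the first eight characters of a password and MD5 crypt is cheap to brute-force on current hardware, so keep the proxy user from step 3 strictly read-only and restrict who else can read userPassword.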
LDAP/SSL offers enhanced security to LDAP users by way of Secure Socket Layer
(SSL) technology. Certificates are optional if Strict Certificate Mode is used.
The following table describes the required parameters for each transfer method.
Follow these steps to modify information for Admin Groups, Operator Groups,
Custom Groups, User Domains, or Alternate Servers:
2. At the bottom of the LDAP/SSL page, select the links next to the type of
information you want to edit:
■ Admin Groups
■ Operator Groups
■ Custom Groups
■ User Domains
■ Alternate Servers
3. Select the radio button next to the individual table you want to edit, then click
Edit.
The appropriate page appears: Edit LDAP/SSL Admin Groups page, Edit
LDAP/SSL Operator Groups page, Edit LDAP/SSL Custom Groups page, Edit
LDAP/SSL User Domains page, or Edit LDAP/SSL Alternate Servers page.
2. Type the user name and password of a user account that you previously
configured.
You are now ready to configure ILOM as a regular ILOM user. To learn about
ILOM’s features and the procedures you can perform to access ILOM’s functions,
refer to the other documents in the ILOM 3.0 Documentation Collection. See
TABLE P-1. You can access the ILOM 3.0 Documentation Collection at:
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
1 Log in to ILOM for the first time using the CLI
• “Log In to ILOM 3.0 Using root User Account” on page 30
2 Add a local user account, or configure a directory service
• “Add User Account and Assign Privileges” on page 31
• “Configure ILOM for Active Directory” on page 31
• “Configure LDAP Server” on page 35
• “Configure ILOM for LDAP” on page 35
• “Configure ILOM for LDAP/SSL” on page 36
• “Configure ILOM for RADIUS” on page 41
3 Confirm your authentication configuration
• “Log In to ILOM as a User” on page 42
4 Log out of ILOM
• “Log Out of ILOM” on page 42
● To log in to the ILOM CLI using the root user account, type:
$ ssh root@system_ipaddress
Password: changeme
The ILOM CLI prompt appears (->).
Follow these steps to add a local user account and assign user privileges (roles):
1. Type the following command and your password to add a local user account:
You can configure Active Directory to authenticate user credentials and authorize
user access levels to the service processor.
-> cd /SP/clients/activedirectory
/SP/clients/activedirectory
-> show
/SP/clients/activedirectory
Targets:
admingroups
alternateservers
cert
customgroups
dnslocatorqueries
opergroups
userdomains
Properties:
address = 10.5.121.321
defaultrole = Administrator
dnslocatormode = enabled
logdetail = trace
port = 0
state = disabled
strictcertmode = disabled
timeout = 4
Commands:
cd
set
show
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
You can also use the show command to retrieve the alternate server certificate
properties:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
Note – You can set the role to any one or a combination of Admin (a), User
Management (u), Console (c), Reset and Host Control (r), or Read Only (o). The
legacy roles Administrator or Operator are also supported.
Note – The DNS Locator service query identifies the named DNS service. The port
ID is generally part of the record, but it can be overridden by using the format
<PORT:636>. Also, named services specific for the domain being authenticated can
be specified by using the <DOMAIN> substitution marker.
1. Use the set command to enter the proxy user name and password.
For example:
3. (Optional) Assign the port used to communicate with the LDAP server; the
default port is 389. Type:
4. Enter the Distinguished Name of the branch of your LDAP tree that contains
users and groups. Type:
6. To verify that LDAP authentication works, log in to ILOM using an LDAP user
name and password.
Note – ILOM searches local users before LDAP users. If an LDAP user name exists
as a local user, ILOM uses the local account for authentication.
LDAP/SSL offers enhanced security to LDAP users by way of Secure Socket Layer
(SSL) technology. Certificates are optional if Strict Certificate Mode is used.
-> cd /SP/clients/ldapssl
/SP/clients/ldapssl
-> show
/SP/clients/ldapssl
Targets:
admingroups
alternateservers
cert
customgroups
opergroups
userdomains
Properties:
address = 10.5.121.321
defaultrole = Administrator
logdetail = trace
port = 0
state = disabled
strictcertmode = disabled
timeout = 4
Commands:
cd
set
show
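An added example, not ILOM or Sun code: a Python parser for the show output printed above for /SP/clients/ldapssl (the /SP/clients/activedirectory output earlier has the same layout), compared against a baseline to report settings that have drifted. The baseline values and the function names are this example's assumptions, standing in for a site policy; they are not ILOM defaults.

```python
SECTIONS = ("Targets", "Properties", "Commands")


def parse_show(text):
    """Parse ILOM CLI `show` output into target path, child targets, properties, commands."""
    parsed = {"target": None, "Targets": [], "Properties": {}, "Commands": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("->"):   # blank line or echoed command
            continue
        if line.endswith(":") and line[:-1] in SECTIONS:
            section = line[:-1]
        elif section is None:
            if line.startswith("/"):            # path of the target being shown
                parsed["target"] = line
        elif section == "Properties":
            key, sep, value = line.partition("=")
            if sep:
                parsed["Properties"][key.strip()] = value.strip()
        else:
            parsed[section].append(line)
    return parsed


def drift(parsed, baseline):
    """Return sorted (property, expected, actual) tuples where the SP differs from baseline."""
    props = parsed["Properties"]
    return sorted(
        (name, want, props.get(name, "<missing>"))
        for name, want in baseline.items()
        if props.get(name) != want
    )


# The ldapssl `show` output as printed on this page.
PAGE_SHOW_OUTPUT = """\
-> show
/SP/clients/ldapssl
Targets:
admingroups
alternateservers
cert
customgroups
opergroups
userdomains
Properties:
address = 10.5.121.321
defaultrole = Administrator
logdetail = trace
port = 0
state = disabled
strictcertmode = disabled
timeout = 4
Commands:
cd
set
show
"""

# Assumed site policy for this example only (not ILOM defaults).
EXAMPLE_BASELINE = {
    "state": "enabled",
    "strictcertmode": "enabled",
    "defaultrole": "Operator",
    "logdetail": "none",
}

if __name__ == "__main__":
    parsed = parse_show(PAGE_SHOW_OUTPUT)
    for name, want, got in drift(parsed, EXAMPLE_BASELINE):
        print("%s %s: expected %s, found %s" % (parsed["target"], name, want, got))
```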
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
You can also use the show command to retrieve the alternate server certificate
properties:
Properties:
certstatus = certificate not present
clear_action = (none)
issuer = (none)
load_uri = (none)
serial_number = (none)
subject = (none)
valid_from = (none)
valid_until = (none)
version = (none)
Note – You can set the role to any one or a combination of Admin (a), User
Management (u), Console (c), Reset and Host Control (r), or Read Only (o). The
legacy roles Administrator or Operator are also supported.
Note – In the example below, <USERNAME> represents a user’s login name. During
authentication, the user’s login name replaces <USERNAME>.
Properties:
address = 0.0.0.0
defaultrole = Operator
port = 1812
secret = (none)
state = disabled
$ ssh username@ip_address
Or
2. Type the user name and password for the user account that you previously
configured to access ILOM.
<hostname>: username
Password: password
The ILOM CLI prompt appears (->).
You are now ready to configure ILOM as a regular ILOM user. To learn about
ILOM’s features and the procedures you can perform to access ILOM’s functions,
refer to the other documents in the ILOM 3.0 Documentation Collection. See
TABLE P-1. You can access the ILOM 3.0 Documentation Collection at:
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
SP firmware 3.0.0.1
SP firmware build number: 38000
SP firmware date: Fri Nov 28 14:03:21 EDT 2008
SP filesystem version: 0.1.22
6. In the Firmware Verification page, enable any one of the following options:
■ Preserve Configuration. Enable this option if you want to save your existing
configuration in ILOM and restore that existing configuration after the update
process completes.
■ Delay BIOS upgrade until next server power-off. Enable this option if you
want to postpone the BIOS upgrade until the next time the system reboots.
Note – The “Delay BIOS upgrade” option appears only for firmware updates to
ILOM 3.0 or later on x64 systems.
7. Click Start Upgrade to start the upgrade process or click Exit to cancel the
process.
When you click Start Upgrade the upload process will start and a prompt to
continue the process appears.
Note – The ILOM web interface might not refresh properly after the update
completes. If the ILOM web page is missing information, or displays an error
message, you might be viewing a cached version of the page from the version
previous to the update. Clear your browser cache and refresh your browser before
continuing.
9. Reconnect to the ILOM web interface. Select System Information --> Version.
Verify that the firmware version on the SP or CMM corresponds to the firmware
image you installed.
Note – If you did not preserve the ILOM configuration before the firmware update,
you will need to perform the initial ILOM setup procedures to reconnect to ILOM.
4. At the prompt for loading the specified file, type y for yes or n for no.
The prompt to preserve the configuration appears.
For example:
Do you want to preserve the configuration (y/n)?
a. At the prompt to postpone the BIOS update, type y for yes or n for no.
The system will enter a special mode to load the new firmware and then the
system will automatically reboot to complete the firmware update.
Note – The BIOS prompt only appears on x64 systems currently running an ILOM
3.x firmware release. If you answer yes (y) to the prompt, the system postpones the
BIOS upgrade until the next time the system reboots. If you answer no (n) to the
prompt, the system automatically updates the BIOS, if necessary, when updating the
SP firmware.
b. Proceed to Step 7.
7. Reconnect to the ILOM server SP or CMM using the same user name and
password that you provided in Step 1 of this procedure.
Note – If you did not preserve the ILOM configuration before the firmware update,
you will need to perform the initial ILOM setup procedures to reconnect to ILOM.
8. Ensure that the proper firmware version has been installed. At the CLI prompt,
type:
-> version
Also refer to the Sun ILOM 3.0 Procedures Guides for descriptions of how to
perform ILOM tasks using a specific user interface and your platform ILOM
Supplement documentation for platform-specific configuration instructions.
http://docs.sun.com/app/docs/prod/int.lights.mgr30#hic
http://docs.sun.com/app/docs/prod/servers